From 3972d1bb33edb5dc1cb1d7c4f13598be1bb5bbd4 Mon Sep 17 00:00:00 2001 From: Markus Heiser Date: Sun, 5 May 2024 09:48:57 +0200 Subject: [PATCH] [mod] uWSGI config: configuring uwsgi for production As stated in .. and other posts, the defaults of uWSGI not suitable for a productive environment. To give just one example, the workers run indefinitely and the memory leaks aggregate. - "Configuring uWSGI for Production: The defaults are all wrong" EuroPython 2019 [1] - "Configuring uWSGI for Production Deployment" [2] - "When Paul has tested some PR on his instance, we could clearly see a memory leak over a week: the memory never dropped to the initial value. Same for my instance using Docker." [3] [1] https://av.tib.eu/media/44810 [2] https://www.bloomberg.com/company/stories/configuring-uwsgi-production-deployment/ [3] https://github.com/searxng/searxng/pull/3443#issuecomment-2094347004 Signed-off-by: Markus Heiser --- dockerfiles/uwsgi.ini | 14 +++++++++++++- .../templates/etc/uwsgi/apps-archlinux/searxng.ini | 14 +++++++++++++- .../etc/uwsgi/apps-archlinux/searxng.ini:socket | 14 +++++++++++++- .../templates/etc/uwsgi/apps-available/searxng.ini | 14 +++++++++++++- .../etc/uwsgi/apps-available/searxng.ini:socket | 14 +++++++++++++- 5 files changed, 65 insertions(+), 5 deletions(-) diff --git a/dockerfiles/uwsgi.ini b/dockerfiles/uwsgi.ini index 812716853..b772e4428 100644 --- a/dockerfiles/uwsgi.ini +++ b/dockerfiles/uwsgi.ini @@ -1,3 +1,4 @@ +# -*- mode: conf-unix; coding: utf-8 -*- [uwsgi] # Who will run the code uid = searxng @@ -6,6 +7,13 @@ gid = searxng # Number of workers (usually CPU count) # default value: %k (= number of CPU core, see Dockerfile) workers = $(UWSGI_WORKERS) +harakiri = 60 +max-requests = 1000 # Restart workers after this many requests +max-worker-lifetime = 3600 # Restart workers after this many seconds +reload-on-rss = 2048 # Restart workers after this much resident memory +worker-reload-mercy = 60 # How long to wait before forcefully killing workers +die-on-term = true # Shutdown when receiving SIGTERM (default is respawn) +py-callos-afterfork = true # allow workers to trap signals # Number of threads per worker # default value: 4 (see Dockerfile) @@ -17,6 +25,9 @@ chmod-socket = 666 # Plugin to use and interpreter config single-interpreter = true master = true +strict = true +vacuum = true # Delete sockets during shutdown +need-app = true plugin = python3 lazy-apps = true enable-threads = true @@ -33,7 +44,8 @@ auto-procname = true # Disable request logging for privacy disable-logging = true -log-5xx = true +log-4xx = true # but log 4xx's anyway +log-5xx = true # and 5xx's # Set the max size of a request (request-body excluded) buffer-size = 8192 diff --git a/utils/templates/etc/uwsgi/apps-archlinux/searxng.ini b/utils/templates/etc/uwsgi/apps-archlinux/searxng.ini index 650c8cc3f..ff32ab2a9 100644 --- a/utils/templates/etc/uwsgi/apps-archlinux/searxng.ini +++ b/utils/templates/etc/uwsgi/apps-archlinux/searxng.ini @@ -1,4 +1,4 @@ -# -*- mode: conf; coding: utf-8 -*- +# -*- mode: conf-unix; coding: utf-8 -*- [uwsgi] # uWSGI core @@ -24,6 +24,8 @@ env = SEARXNG_SETTINGS_PATH=${SEARXNG_SETTINGS_PATH} # disable logging for privacy logger = systemd disable-logging = true +log-4xx = true # but log 4xx's anyway +log-5xx = true # and 5xx's # The right granted on the created socket chmod-socket = 666 @@ -33,6 +35,9 @@ single-interpreter = true # enable master process master = true +strict = true +vacuum = true # Delete sockets during shutdown +need-app = true # load apps in each worker instead of the master lazy-apps = true @@ -50,6 +55,13 @@ enable-threads = true # Number of workers (usually CPU count) workers = ${UWSGI_WORKERS:-%k} threads = ${UWSGI_THREADS:-4} +harakiri = 60 +max-requests = 1000 # Restart workers after this many requests +max-worker-lifetime = 3600 # Restart workers after this many seconds +reload-on-rss = 2048 # Restart workers after this much resident memory +worker-reload-mercy = 60 # How long to wait before forcefully killing workers +die-on-term = true # Shutdown when receiving SIGTERM (default is respawn) +py-callos-afterfork = true # allow workers to trap signals # plugin: python # -------------- diff --git a/utils/templates/etc/uwsgi/apps-archlinux/searxng.ini:socket b/utils/templates/etc/uwsgi/apps-archlinux/searxng.ini:socket index eb1220233..d4f7dc0bb 100644 --- a/utils/templates/etc/uwsgi/apps-archlinux/searxng.ini:socket +++ b/utils/templates/etc/uwsgi/apps-archlinux/searxng.ini:socket @@ -1,4 +1,4 @@ -# -*- mode: conf; coding: utf-8 -*- +# -*- mode: conf-unix; coding: utf-8 -*- [uwsgi] # uWSGI core @@ -24,6 +24,8 @@ env = SEARXNG_SETTINGS_PATH=${SEARXNG_SETTINGS_PATH} # disable logging for privacy logger = systemd disable-logging = true +log-4xx = true # but log 4xx's anyway +log-5xx = true # and 5xx's # The right granted on the created socket chmod-socket = 666 @@ -33,6 +35,9 @@ single-interpreter = true # enable master process master = true +strict = true +vacuum = true # Delete sockets during shutdown +need-app = true # load apps in each worker instead of the master lazy-apps = true @@ -50,6 +55,13 @@ enable-threads = true # Number of workers (usually CPU count) workers = ${UWSGI_WORKERS:-%k} threads = ${UWSGI_THREADS:-4} +harakiri = 60 +max-requests = 1000 # Restart workers after this many requests +max-worker-lifetime = 3600 # Restart workers after this many seconds +reload-on-rss = 2048 # Restart workers after this much resident memory +worker-reload-mercy = 60 # How long to wait before forcefully killing workers +die-on-term = true # Shutdown when receiving SIGTERM (default is respawn) +py-callos-afterfork = true # allow workers to trap signals # plugin: python # -------------- diff --git a/utils/templates/etc/uwsgi/apps-available/searxng.ini b/utils/templates/etc/uwsgi/apps-available/searxng.ini index 7d367d9ee..6763a5208 100644 --- a/utils/templates/etc/uwsgi/apps-available/searxng.ini +++ b/utils/templates/etc/uwsgi/apps-available/searxng.ini @@ -1,4 +1,4 @@ -# -*- mode: conf; coding: utf-8 -*- +# -*- mode: conf-unix; coding: utf-8 -*- [uwsgi] # uWSGI core @@ -27,6 +27,8 @@ env = SEARXNG_SETTINGS_PATH=${SEARXNG_SETTINGS_PATH} # disable logging for privacy disable-logging = true +log-4xx = true # but log 4xx's anyway +log-5xx = true # and 5xx's # The right granted on the created socket chmod-socket = 666 @@ -36,6 +38,9 @@ single-interpreter = true # enable master process master = true +strict = true +vacuum = true # Delete sockets during shutdown +need-app = true # load apps in each worker instead of the master lazy-apps = true @@ -53,6 +58,13 @@ enable-threads = true # Number of workers (usually CPU count) workers = ${UWSGI_WORKERS:-%k} threads = ${UWSGI_THREADS:-4} +harakiri = 60 +max-requests = 1000 # Restart workers after this many requests +max-worker-lifetime = 3600 # Restart workers after this many seconds +reload-on-rss = 2048 # Restart workers after this much resident memory +worker-reload-mercy = 60 # How long to wait before forcefully killing workers +die-on-term = true # Shutdown when receiving SIGTERM (default is respawn) +py-callos-afterfork = true # allow workers to trap signals # plugin: python # -------------- diff --git a/utils/templates/etc/uwsgi/apps-available/searxng.ini:socket b/utils/templates/etc/uwsgi/apps-available/searxng.ini:socket index 2f95fab7c..be564bde8 100644 --- a/utils/templates/etc/uwsgi/apps-available/searxng.ini:socket +++ b/utils/templates/etc/uwsgi/apps-available/searxng.ini:socket @@ -1,4 +1,4 @@ -# -*- mode: conf; coding: utf-8 -*- +# -*- mode: conf-unix; coding: utf-8 -*- [uwsgi] # uWSGI core @@ -27,6 +27,8 @@ env = SEARXNG_SETTINGS_PATH=${SEARXNG_SETTINGS_PATH} # disable logging for privacy disable-logging = true +log-4xx = true # but log 4xx's anyway +log-5xx = true # and 5xx's # The right granted on the created socket chmod-socket = 666 @@ -36,6 +38,9 @@ single-interpreter = true # enable master process master = true +strict = true +vacuum = true # Delete sockets during shutdown +need-app = true # load apps in each worker instead of the master lazy-apps = true @@ -53,6 +58,13 @@ enable-threads = true # Number of workers (usually CPU count) workers = ${UWSGI_WORKERS:-%k} threads = ${UWSGI_THREADS:-4} +harakiri = 60 +max-requests = 1000 # Restart workers after this many requests +max-worker-lifetime = 3600 # Restart workers after this many seconds +reload-on-rss = 2048 # Restart workers after this much resident memory +worker-reload-mercy = 60 # How long to wait before forcefully killing workers +die-on-term = true # Shutdown when receiving SIGTERM (default is respawn) +py-callos-afterfork = true # allow workers to trap signals # plugin: python # --------------